Now it works for normal Ajax request, but not when I add custom headers. Let me give a full example, so you can try it out (assuming you have a gmail/google account somewhere):

Visit this url to request a temporary security token: AuthSubRequest. The site will ask for permission. If you grant permission, you will be fowarded to Extjs.com?token=sometokenhere. This token is a temporary token that you can exchange for a session token using this request:

The response for this request should contain a new token, that you can use to access google services. Note that it is important that the authorization header should be exactly in the form AuthSub token="asdf8sdjksdu8ds8g", and you can use every temp token only once.

I have the same problem with ExtJs 4.1.1a, the store.load() creates an OPTIONS request instead of a GET in Firefox (works fine in IE/Chrome though, sending a GET).
How can I tell ExtJS to send a proper GET and not OPTIONS in Firefox?